From 5951b954be0bf83f369fe76edf36e2d6c1ea8f7a Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 31 May 2019 17:58:47 +0200
Subject: [PATCH] ipa[server,replica]: Enable freeipa-trust service if adtrust
 is enabled

The freeipa-trust service was not added when adtrust was enabled. For
ipareplica the addition of freeipa-replication has been removed, as its
port has not been used for some time.

Fixes: #83 (when installing with ipaserver_setup_adtrust: true the firewalld
service freeipa-trust is not added)
---
 roles/ipareplica/tasks/install.yml | 6 ++++--
 roles/ipaserver/tasks/install.yml  | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
index 679021c8..72f45223 100644
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -96,7 +96,8 @@
       --permanent
       --add-service=freeipa-ldap
       --add-service=freeipa-ldaps
-      --add-service=freeipa-replication
+      {{ "--add-service=freeipa-trust" if ipaserver_setup_adtrust | bool
+         else "" }}
       {{ "--add-service=dns" if ipareplica_setup_dns | bool else "" }}
       {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
     when: ipareplica_setup_firewalld | bool
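Review bot: In the ipareplica role the added condition tests `ipaserver_setup_adtrust`, while every other switch in this hunk is an `ipareplica_*` variable (`ipareplica_setup_dns`, `ipareplica_setup_firewalld`); the runtime hunk at -106,7 +107,8 has the same line. The role defaults are not visible here, but if the replica role carries its own adtrust switch, a replica-only play would either fail on an undefined variable or decide whether to open the trust ports from the server role's setting instead of the replica's. Presumably the intended line is `{{ "--add-service=freeipa-trust" if ipareplica_setup_adtrust | bool else "" }}`; confirm the variable name against the role's defaults. The task itself starts outside the hunk.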
@@ -106,7 +107,8 @@
       firewall-cmd
       --add-service=freeipa-ldap
       --add-service=freeipa-ldaps
-      --add-service=freeipa-replication
+      {{ "--add-service=freeipa-trust" if ipaserver_setup_adtrust | bool
+         else "" }}
       {{ "--add-service=dns" if ipareplica_setup_dns | bool else "" }}
       {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
     when: ipareplica_setup_firewalld | bool
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
index 14c1730d..cfb88ead 100644
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -391,6 +391,8 @@
       --permanent
       --add-service=freeipa-ldap
       --add-service=freeipa-ldaps
+      {{ "--add-service=freeipa-trust" if ipaserver_setup_adtrust | bool
+         else "" }}
       {{ "--add-service=dns" if ipaserver_setup_dns | bool else "" }}
       {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
     when: ipaserver_setup_firewalld | bool
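Review bot: The continuation line `else "" }}` is indented deeper than the surrounding argument lines, here and in the other three hunks of this patch. The scalar header is outside the hunk, but if these arguments sit in a folded (`>`) block, YAML keeps the line breaks around a more-indented line, so the rendered command string carries literal newlines. That is harmless when the module splits arguments on whitespace, but it would break the invocation if the task is ever run through a shell. Keeping the expression on one line, `{{ "--add-service=freeipa-trust" if ipaserver_setup_adtrust | bool else "" }}`, matches the neighbouring dns and ntp lines and removes the dependency on folding rules.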
@@ -400,6 +402,8 @@
       firewall-cmd
       --add-service=freeipa-ldap
       --add-service=freeipa-ldaps
+      {{ "--add-service=freeipa-trust" if ipaserver_setup_adtrust | bool
+         else "" }}
       {{ "--add-service=dns" if ipaserver_setup_dns | bool else "" }}
       {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
     when: ipaserver_setup_firewalld | bool
-- 
GitLab